The Business Information Security Officer’s (BISO) role will be the focal point for effective engagement between Informa’s divisions/business areas and the Enterprise Information Security function. This role will be a trusted adviser to senior business and technology stakeholders and provide broad knowledge of Informa’s Information Security strategies, policies, processes, architecture and road maps to enable divisions/businesses to understand and meet Information Security requirements.
The BISO role will report to the Deputy Chief Information Security Officer (Deputy CISO), with dotted line reporting to the Divisional CTO, and will work closely with the business, supporting it to operate within Informa’s information security risk appetite. The BISO will be an essential business partner and will take responsibility for assessing and managing information security risk for the business.
This role will focus on ensuring that Information Security is considered in respect of all elements of Business. The BISO will be required to support business units with the design and implementation of central security strategies.
Key responsibilities of the role
- Build and maintain effective relationships with a division’s Business and Technology stakeholders. Be the voice of Information Security in the division/business area and the voice of the business within Information Security.
- Own and communicate the divisional roadmap for Information Security aligned with Informa’s risk appetite and overall Information Security roadmap. Align Information Security responsibilities and working practices of divisions and InfoSec. Identify and resolve risks and issues.
- Facilitate the planning, introduction and delivery of Information Security services and initiatives, e.g.:
  - support for compliance activities and security audits
  - security capability / maturity improvement
  - delivery of point services such as vulnerability assessments, project risk assessments and vendor assessments
  - divisional security awareness and education
  - delivery of targeted security and risk briefings
- Collate demand for security and collaborate across the Information Security team to balance supply and demand of security and divisional resources.
- Contribute to the development and implementation of Informa’s security architecture, and to the design of Information Security services and processes.
- Contribute to business continuity planning.
- Ensure that policy compliance is appropriate to the organisational and Business Unit’s level of risk acceptance.
- Demonstrate to stakeholders that appropriate controls are in place and own/create action plans to manage improvement or change where necessary.
- Advise stakeholders on how to achieve the relevant controls and assist with solutions to support them.
- Where necessary, ensure that processes are documented and communicated in language that is relevant and understandable to international and/or non-technical audiences.
- Ensure all proposed technical solutions uphold Group requirements and maintain the integrity of the infrastructure.
- Look for opportunities to inform, engage or train others to make the best use of Problem and Change management for Security.
- Support and deliver security initiatives as needed and be in a position to demonstrate and track progress to stakeholders.
- Raise the profile of security within the organisation by being pro-actively involved with stakeholders and customers.
- Manage Divisional security incidents, working closely with Group and Divisional stakeholders.
- Any other duties relating to the remit of a role of this standing as required by the needs of the business.
Reporting line / information of direct reports
The BISO reports directly to the Group Deputy CISO, with dotted line reporting to the Divisional CTO. This role will join the Group Information Security Management Team.
What we’re looking for
The ideal candidate profile will include the following points:
- 5+ years in a similar role in a large international organisation
- The ability to interact with Informa colleagues, build good relationships at all levels and across all business units and organisations, and influence stakeholders at all levels
- Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and non-technical audiences, and flexes style to suit the needs of the audience.
- Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams.
- Highly self-motivated and directed, with keen attention to detail.
- A good understanding of security frameworks including ISO27001/NIST/SANS.
- Have a relevant industry certification such as CISSP, CISM, CRISC or similar.
What’s in it for you
This role is a great opportunity to learn and grow within an exciting, growing international business. There will be exposure to new technology and software. The successful candidate will have the opportunity to be part of, and help shape, Informa’s Information Security landscape. This is a senior Information Security position and this role will join the Group-wide Information Security Management Team.